Question No: 1 – (Topic 1)

What are the two basic types of attacks? (Choose two.)

Explanation: Passive and active attacks are the two basic types of attacks.

Question No: 2 – (Topic 1)

What does the term “Ethical Hacking” mean?

Someone who is hacking for ethical reasons.

Someone who is using his/her skills for ethical reasons.

Someone who is using his/her skills for defensive purposes.

Someone who is using his/her skills for offensive purposes.

Answer: C

Explanation: Ethical hacking means using the same techniques and skills as a malicious attacker, but for defensive purposes only: to find and fix weaknesses in your own or your employer's systems, with the owner's authorization, before a malicious person does.

Question No: 3 – (Topic 1)

Which of the following best describes Vulnerability?

The loss potential of a threat

An action or event that might prejudice security

An agent that could take advantage of a weakness

A weakness or error that can lead to compromise

Answer: D

Explanation: A vulnerability is a flaw or weakness in system security procedures, design or implementation that could be exercised (accidentally triggered or intentionally exploited) and result in harm to an IT system or activity. Note the distinction from the other options: the loss potential is the impact, an action or event that might prejudice security is a threat, and an agent that could take advantage of the weakness is the threat agent.

Question No: 4 – (Topic 1)

Who is an Ethical Hacker?

A person who hacks for ethical reasons

A person who hacks for an ethical cause

A person who hacks for defensive purposes

A person who hacks for offensive purposes

Answer: C

Explanation: The ethical hacker is a security professional who applies his or her hacking skills for defensive purposes.

Question No: 5 – (Topic 1)

What is "Hacktivism"?

Hacking for a cause

Hacking ruthlessly

An association which groups activists

None of the above

Answer: A

Explanation: The term was coined by author/critic Jason Logan King Sack in an article about media artist Shu Lea Cheang. Acts of hacktivism are carried out in the belief that proper use of code will have leveraged effects similar to regular activism or civil disobedience.

Question No: 6 – (Topic 1)

ABC.com is legally liable for the content of email that is sent from its systems, regardless of whether the message was sent for private or business-related purpose. This could lead to prosecution for the sender and for the company’s directors if, for example, outgoing email was found to contain material that was pornographic, racist or likely to incite someone to commit an act of terrorism.

You can always defend yourself with an "ignorance of the law" defence.

True

False

Answer: B

Explanation: Ignorantia juris non excusat or Ignorantia legis neminem excusat (Latin for "ignorance of the law does not excuse" or "ignorance of the law excuses no one") is a public policy holding that a person who is unaware of a law may not escape liability for violating that law merely because he or she was unaware of its content; that is, persons have presumed knowledge of the law. Presumed knowledge of the law is the principle in jurisprudence that one is bound by a law even if one does not know of it. It has also been defined as the "prohibition of ignorance of the law".

Question No: 7 – (Topic 1)

Steven works as a security consultant and frequently performs penetration tests for Fortune 500 companies. Steven runs external and internal tests and then creates reports to show the companies where their weak areas are. Steven always signs a non-disclosure agreement before performing his tests. What would Steven be considered?

Whitehat Hacker

BlackHat Hacker

Grayhat Hacker

Bluehat Hacker

Answer: A

Explanation: A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems. Realization that the Internet now represents human voices from around the world has made the defense of its integrity an important pastime for many. A white hat generally focuses on securing IT systems, whereas a black hat (the opposite) would like to break into them.

Question No: 8 – (Topic 1)

The United Kingdom (UK) has passed a law (the Computer Misuse Act 1990) that makes unauthorised access to a computer system a criminal offence.

The law states:

Section 1 of the Act refers to unauthorised access to computer material. This states that a person commits an offence if he causes a computer to perform any function with intent to secure unauthorised access to any program or data held in any computer. For a successful conviction under this part of the Act, the prosecution must prove that the access secured was unauthorised and that the suspect knew that this was the case. This section is designed to deal with common-or-garden hacking.

Section 2 of the Act deals with unauthorised access with intent to commit or facilitate the commission of further offences. An offence is committed under Section 2 if a Section 1 offence has been committed and there is the intention of committing or facilitating a further offence (any offence which attracts a custodial sentence of more than five years, not necessarily one covered by the Act). Even if it is not possible to prove the intent to commit the further offence, the Section 1 offence is still committed.

Section 3 offences cover unauthorised modification of computer material, which generally means the creation and distribution of viruses. For a conviction to succeed there must have been the intent to cause the modification and knowledge that the modification had not been authorised.

->Unauthorised access to a computer system with intent to commit or facilitate the commission of a further offence

->Unauthorised modification of computer material

Question No: 9 – (Topic 1)

Where should a security tester be looking for information that could be used by an attacker against an organization? (Select all that apply)

CHAT rooms

WHOIS database

News groups

Web sites

Search engines

Organization’s own web site

Answer: A,B,C,D,E,F

Explanation: A security tester should search for information everywhere he or she can access, including the organization's own web site, WHOIS records, search engines, news groups and chat rooms. You never know where you will find the small piece of information (an employee name, an e-mail address format, a hosting provider, a leaked configuration detail) that lets an attacker get past an otherwise strong defense.
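To make the WHOIS item concrete, the following is an added example (not code from the original page): it parses a WHOIS record in the usual key: value form and pulls out what an attacker would harvest from it, such as named contacts for pretexting, e-mail addresses and the naming convention they reveal, name servers hosted by a third party, DNSSEC status and an approaching expiry date. Both WHOIS records are constructed samples, so the script runs offline and never contacts a WHOIS server; the privacy markers and the 60-day expiry threshold are assumptions chosen for illustration.

```python
"""Harvest attacker-useful facts from a WHOIS record (added example).

The two records below are constructed samples in the key: value style of
RFC 3912 responses; nothing here performs a live WHOIS query.
"""
import re
from datetime import date

# Constructed sample: an ordinary corporate domain with no privacy service.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Updated Date: 2023-04-02T10:15:00Z
Creation Date: 2010-01-15T00:00:00Z
Registry Expiry Date: 2024-01-15T00:00:00Z
Registrant Name: Jane Doe
Registrant Organization: Example Corp
Registrant Email: jane.doe@example-corp.test
Admin Email: it-admin@example-corp.test
Tech Email: tech@example-corp.test
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.HOSTINGPROVIDER.TEST
DNSSEC: unsigned
"""

# Constructed sample: a domain behind a privacy/proxy registration service.
REDACTED_WHOIS = """\
Domain Name: PRIVATE-CORP.TEST
Registrar: Example Registrar, Inc.
Registry Expiry Date: 2026-06-30T00:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Privacy Guard Ltd
Registrant Email: abc123@privacy-guard.test
Name Server: NS1.PRIVATE-CORP.TEST
Name Server: NS2.PRIVATE-CORP.TEST
DNSSEC: signedDelegation
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Assumed markers that indicate a privacy/proxy service rather than a real contact.
PRIVACY_MARKERS = ("redacted", "privacy", "proxy", "whoisguard")


def parse_whois(text):
    """Return {lower-cased key: [values]}; WHOIS keys such as Name Server repeat."""
    fields = {}
    for line in text.splitlines():
        # Skip comment/legal-notice lines and anything that is not key: value.
        if line.lstrip().startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the FIRST colon only
        key, value = key.strip().lower(), value.strip()
        if value:
            fields.setdefault(key, []).append(value)
    return fields


def harvest(text, today=date(2023, 12, 1)):
    """Extract the reconnaissance value of one WHOIS record."""
    f = parse_whois(text)
    domain = f.get("domain name", [""])[0].lower()
    nameservers = [ns.lower() for ns in f.get("name server", [])]
    contact_values = [v for k, vals in f.items()
                      if k.startswith(("registrant", "admin", "tech")) for v in vals]
    redacted = any(m in v.lower() for v in contact_values for m in PRIVACY_MARKERS)
    emails = sorted(set(EMAIL_RE.findall(text)))
    expiry = f.get("registry expiry date", [None])[0]
    days_left = (date.fromisoformat(expiry[:10]) - today).days if expiry else None
    return {
        "domain": domain,
        "privacy_protected": redacted,
        "people": [] if redacted else f.get("registrant name", []),
        "emails": emails,
        "email_domains": sorted({e.split("@")[1] for e in emails}),
        # Name servers not under the domain itself mean DNS is hosted elsewhere.
        "external_dns": [ns for ns in nameservers if not ns.endswith("." + domain)],
        "dnssec": f.get("dnssec", ["unknown"])[0].lower() != "unsigned",
        "days_to_expiry": days_left,
    }


def report(findings, expiry_warn_days=60):
    """Turn the harvested facts into the lines a tester would put in the report."""
    lines = []
    if findings["privacy_protected"]:
        lines.append("registrant identity hidden by a privacy/proxy service")
    for person in findings["people"]:
        lines.append(f"named contact '{person}': pretexting / spear-phishing target")
    if findings["emails"]:
        lines.append(f"{len(findings['emails'])} contact address(es) on record; "
                     f"address format reveals the naming convention")
    for ns in findings["external_dns"]:
        lines.append(f"name server {ns} is outside the domain: DNS hosted by a third party")
    if not findings["dnssec"]:
        lines.append("DNSSEC unsigned: DNS answers are not authenticated")
    d = findings["days_to_expiry"]
    if d is not None and d < expiry_warn_days:
        lines.append(f"domain expires in {d} days: watch for lapse / re-registration")
    return lines


if __name__ == "__main__":
    for record in (SAMPLE_WHOIS, REDACTED_WHOIS):
        result = harvest(record)
        print(f"== {result['domain']} ==")
        for line in report(result):
            print(" -", line)
```

The same parser works on the output of a real `whois` client for registries that use the key: value format; against the constructed records above it reports three harvestable addresses, a named registrant, a third-party name server, unsigned DNSSEC and a 45-day expiry window for the first domain, and only the privacy-service notice and proxy address for the second.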

Question No: 10 – (Topic 1)

What is the essential difference between an ‘Ethical Hacker’ and a ‘Cracker’?

The ethical hacker does not use the same techniques or skills as a cracker.

The ethical hacker does it strictly for financial motives unlike a cracker.

The ethical hacker has authorization from the owner of the target.

The ethical hacker is just a cracker who is getting paid.

Answer: C

Explanation: The ethical hacker uses the same techniques and skills as a cracker; the motive is to find the security weaknesses before a cracker does. Payment is not the distinguishing factor: nothing says that a cracker does not get paid for the work he does, and an ethical hacker is paid even if he does not succeed in penetrating the target. The essential difference is that the ethical hacker has the owner's authorization.